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1 > A network interface unit for communicating data packets over a non- 
secure network between client devices on a local area network (LAN) and an access node 
for a secure virtual private network (VPN) comprising 

means for authenticating at least one of said client devices seeking to access said 
VPN, thereby establishing at least one authenticated client device, 

a configuration server for sending configuration information to said at least one 
authenticated client device, 

a GUI server for presenting at least one menu to at least selected authenticated 
client devices, 

means for receiving at least a first message reflecting selections from said at least 
one menu, and 

means for accessing said non-secure network using information in said at least a 
first message, and 

a security server for establishing a secure connection over said non-secure 
network between said LAN and said access node. 

2. The network interface unit of claim 1 wherein said configuration server 
comprises 

a memory for storing configuration information for at least one client device, and 
means for retrieving configuration information for at least selected ones of said 

client devices from said memory upon subsequent authentication of said at least one 

client device. 

3. The network interface unit of claim 2 wherein said configuration 
information for each authenticated client device comprises information received on 
behalf of each of said client devices upon an initial authenticating of respective ones of 
said client devices. 

4. The network interface unit of claim 3 wherein at least one of said client 
devices is a computer, and wherein said information received on behalf of a client device 
is received from one of said computers. 

5. The network interface unit of claim 4 wherein said information received 
on behalf of a first computer is received from said first computer. 
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6. The network interface unit of claim 1 wherein said configuration 
information for each authenticated client comprises information related to connections to 
said non-secure network. 

7. The network interface unit of claim 6 wherein said information related to a 
connections to said non-secure network comprises information relating to at least one 
dial-up connection, 

8. The network interface unit of claim 7 wherein said information related to 
at least one dial-up connection comprises information relating to at least one customized 
dial-up connection, said information relating to each of said customized dial-up 
connections comprising a customized dial-up string of characters to control a dial-up 
modem connection to said non-secure network. 

8. The network interface unit of claim 7 wherein said information related to 
at least one dial-up connection comprises information relating to at least one customized 
dial-up connection, said information relating to each of said customized dial-up 
connections comprising a customized dial-up string of characters to control a dial-up 
modem connection to said non-secure network. 

9. The network interface unit of claim 6 wherein said information related to 
connections to said non-secure network comprises information relating to at least one 
connection having a fixed IP address. 

10. The network interface unit of claim 6 wherein said information related to 
connections to said non-secure network comprises information relating to at least one 
connection having a temporary IP address. 

1 1 . The network interface unit of claim 10 further comprising a DHCP server 
for providing said temporary IP address. 

12. The network interface unit of claim 10 further comprising a DHCP client 
for obtaining a temporary IP address from said non-secure network and providing said 
temporary IP address for use in said connection. 

1 3 . The network interface unit of claim 6 wherein said information related to 
connections to said non-secure network comprises information relating to at least one 
point-to-point over Ethernet (PPPoE) connection. 
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14. The network interface unit of claim 2 wherein said memory comprises a 
removable memory module. 

15. The network interface unit of claim 14 wherein said removable memory 
module stores additional information comprising web pages for presentation by said GUI 

5 server. 

16. The network interface unit of claim 1 wherein said means for 
authenticating comprises means for comparing client ID and password information 
received from a client device with information stored at said network interface unit. 

17. A network interface unit for communicating data packets over a non- 

1 0 secure network between client devices on at least one local area network (LAN) and at 
least one access node of a secure virtual private network (VPN) comprising 

means for receiving data packets from said client devices by way of said LANs, 
means for multiplexing said data packets into at least one packet data stream, 
a security server for modifying said packet data streams in accordance with a 
15 secure communications protocol by encrypting packets in said data streams and 
encapsulating resulting encrypted packets, 

a DNS server for providing network destination address information for at least 
selected ones of said data streams. 

18. The network interface unit of claim 17 wherein said security server 
20 comprises an IPsec server. 

19. The network interface unit of claim 17 further comprising 

means for receiving at least one stream of data packets from said non-secure 
network, 

said security server further comprising a firewall for filtering out packets in said 
25 streams of received packets that are not from said VPN network, 

said security server further comprising means for modifying said packets in said 
at least one stream by decrypting said packets in said at least one received data stream 
and decapsulating resulting decrypted packets, 

means for demultiplexing said at least one stream of received data packets to form 
30 at least one demultiplexed stream of data packets for delivery to said at least one LAN. 
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20. The network interface unit of claim 1 9 further comprising means for 
authenticating client devices on said at least one LAN, and wherein packets from 
authenticated client devices on said at least one LAN that are received at said network 
interface device are processed as packets received from said VPN. 
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